GitHub Advanced Security secures data by scanning for vulnerabilities in dependencies, secret scanning, and protecting sensitive information. It integrates seamlessly, reducing reliance on multiple tools and optimizing vulnerability detection.
| Product | Market Share (%) |
|---|---|
| GitHub Advanced Security | 7.8% |
| SonarQube Server (formerly SonarQube) | 20.8% |
| Checkmarx One | 10.2% |
| Other | 61.2% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Application Security Tools | Sep 4, 2025 | Download |
| Product | Reviews, tips, and advice from real users | Sep 4, 2025 | Download |
| Comparison | GitHub Advanced Security vs SonarQube Server (formerly SonarQube) | Sep 4, 2025 | Download |
| Comparison | GitHub Advanced Security vs Veracode | Sep 4, 2025 | Download |
| Comparison | GitHub Advanced Security vs Checkmarx One | Sep 4, 2025 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| SonarQube Server (formerly SonarQube) | 4.0 | 20.8% | 81% | 116 interviewsAdd to research |
| GitLab | 4.2 | 2.5% | 97% | 86 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 1 |
| Midsize Enterprise | 4 |
| Large Enterprise | 6 |
| Company Size | Count |
|---|---|
| Small Business | 415 |
| Midsize Enterprise | 287 |
| Large Enterprise | 1188 |
GitHub Advanced Security is designed to enhance security awareness by offering comprehensive tools for secret scanning, code analysis, and SCSS dependency checks. AI-driven features deliver accurate security insights while minimizing false positives. It provides valuable integration with Azure DevOps, maintaining control within dashboards and enabling external systems' support through APIs. With CodeQL, users can perform custom queries across projects. Propelled by Microsoft, the platform enhances operational frameworks with essential security features, although improvements are needed in dashboard consolidation, reporting, and integration mechanisms. Users seek better customizability, language support, and training resources to ensure smoother implementation.
What are the key features of GitHub Advanced Security?Industries implement GitHub Advanced Security to maintain robust security standards. It is favored by technology sectors seeking seamless integration with Azure DevOps and looking for customizable security tools tailored to project needs. Financial institutions value its accurate threat detection and compliance support, while enterprises focus on its comprehensive dependency scanning and code analysis capabilities to safeguard critical assets. The adaptability of GitHub Advanced Security across different operational environments illustrates its practical benefits.
| Author info | Rating | Review Summary |
|---|---|---|
| Director, Application Security at Carlsberg | 4.0 | I find GitHub Advanced Security beneficial for source code analysis and code scanning within GitHub environments, but it lacks timely updates for open-source vulnerabilities and API security focus. It also has compatibility issues with Microsoft integration, which is surprising. |
| AppSec at a computer software company with 201-500 employees | 4.5 | I use GitHub Advanced Security for source code scanning due to its customizable rules and seamless integration within my workflow. However, it lacks effective management reporting features. Although I find the cost high, it offers fewer false positives than Veracode. |
| Delivery Head at Newt | 4.5 | I’ve used GitHub Advanced Security for 3-4 years and appreciate its flexibility, Dependabot alerts, and security dashboard, though it could use more customization. Setup was easy, pricing is good, and I've seen time-saving ROI. |
| DevOps Engineer at Alm Brand | 4.0 | I use GitHub Advanced Security at work for detecting code vulnerabilities and secrets. It offers valuable features like copilot auto-fix and custom queries. Improvement is needed in language support and organizational control. We switched from Bitbucket and GitLab due to company policy. |
| Senior Solution Architect at a manufacturing company with 10,001+ employees | 4.0 | I use GitHub Advanced Security for its focus on code security and CodeQL's reliable findings. While SonarQube emphasizes code quality, both tools complement each other. Improvements are needed in language support and customized rulesetting for better flexibility. |
| Assistant General Manager at Air India Limited | 4.5 | I use GitHub Advanced Security in my company to detect code vulnerabilities while developing web and mobile apps. The deployment process is challenging and needs improvement, especially with clearer guidelines for addressing vulnerabilities, though its reporting capability is useful. |
| Technical Program Manager at a healthcare company with 10,001+ employees | 4.5 | In enhancing our security mindset and developer experience, GitHub Advanced Security excels with its customizable CodeQL queries, reducing noise and false positives compared to Fortify. However, its reporting features and integration capabilities with existing security tools require improvement. |
| Technical Consultant at Canarys Automations Pvt. Ltd. | 4.5 | As a partner, we implement GitHub Advanced Security for SaaS analytics, valuing its dependency and secret scanning features. While CodeQL offers customization, it requires query-writing skills, and training is limited. We switched from multiple products due to partnership benefits. |
